Table: Tasks to complete Symantec Advanced Threat Protection installation
Add new ATP Manager accounts.
Add additional Admin, Controller, and User accounts for accessing ATP Manager.
Tip: As a best practice, you should set up at least one additional Admin user account immediately after installation in case there's an issue accessing ATP Manager with the initial Admin account credentials.
When you define internal networks, you specify which computers are part of your network and which computers belong to the world outside. With this information, ATP can distinguish between protected computers and the computers that are outside of the network.
By default, ATP submits files to Symantec's Cynic cloud-based malware detonation system for analysis. However, you can keep file analysis local and submit your files to a customer-owned, on-premises Symantec Malware Analysis appliance for detonation and analysis.
If you use cloud-based sandboxing, your organization may have data privacy and residency requirements that restrict you from sending files outside of the region. ATP provides an option that ensures that your files are submitted to a data center in the United Kingdom for sandbox analysis. Symantec recommends that you enable this option before you enable network scanning to ensure that no files are improperly routed.
ATP supports the following types of proxy configurations:
A network proxy. ATP uses a network proxy to access the external network.
An enterprise proxy within an enterprise environment. ATP treats the traffic that is routed to an enterprise proxy (which may have an IP address within an internal network) differently than the traffic that is routed through a network proxy.
If you use proxies, each ATP appliance, whether in CIU, standalone, or scanner role, must have the IP addresses of existing proxies.